ParaloomPARALOOM

Compute Layer

Privacy-preserving distributed computation with WASM execution

Compute Layer

Paraloom's compute layer enables privacy-preserving distributed computation using WASM execution and zkSNARK verification.

Overview

The compute layer provides:

  • Real WASM Execution: Sandboxed execution with resource limits
  • Multi-Validator Verification: 2/3 consensus on results
  • Privacy-Preserving Compute: Hidden input/output with zkSNARK proofs
  • Load Balancing: Intelligent job distribution

Architecture

WASM Execution Engine

pub struct WasmEngine {
    runtime: Wasmtime,
    config: ExecutionConfig,
}

pub struct ExecutionConfig {
    memory_limit: usize,    // Default: 64MB
    instruction_limit: u64, // CPU limit
    timeout: Duration,      // Per-job timeout
    concurrent_jobs: usize, // Default: 4
}

Features:

  • Runtime: Wasmtime v26.0
  • Sandboxed execution environment
  • Resource isolation (memory, CPU, time)
  • Security: NaN canonicalization, stack limits

Job Types

ZK Proof Generation

Generate zkSNARK proofs for privacy transactions. Typical cost: 0.05-0.1 SOL.

ML Inference

Run machine learning models on encrypted data. Typical cost: 0.1-0.2 SOL.

Aggregation

Aggregate data from multiple sources privately. Typical cost: 0.01-0.05 SOL.

Job Lifecycle

Compute Job Lifecycle

Job Submitted

User submits compute job with:

  • WASM bytecode
  • Input data (encrypted for private jobs)
  • Resource requirements

Job Assigned

Coordinator assigns job to validators based on:

  • Validator capacity
  • Current load
  • Reputation score

Job Executed

Validators execute WASM:

  • Sandboxed environment
  • Resource limits enforced
  • Results collected

Result Verified

For consensus:

  • 3 validators execute same job
  • 2/3 must agree on result
  • Disagreement triggers retry

Job Completed

Result returned to user:

  • Encrypted output (private jobs)
  • Execution metrics
  • Proof of execution

Privacy-Preserving Compute

How It Works

  1. Private Job Submission: Input data hidden via Pedersen commitments
  2. Encrypted Execution: Validators process encrypted input/output
  3. zkSNARK Proofs: Prove correct execution without revealing data
  4. Multi-Validator Consensus: 2/3 agreement on encrypted results
  5. Shielded Results: Only job owner can decrypt output

Private Compute Workflow

User creates job with input commitment (data hidden)


Job submitted to shielded pool with encrypted input


Validators execute WASM with encrypted data


Generate zkSNARK proof of correct execution


2/3 validators must agree on output commitment


Result finalized in shielded pool


User retrieves and decrypts output (private)

Code Example

use paraloom::compute::PrivateJob;

// Create private compute job
let job = PrivateJob::new()
    .with_wasm(wasm_code)
    .with_encrypted_input(encrypted_input)
    .with_commitment(input_commitment)
    .build();

// Submit to network
let job_id = network.submit_private_job(job).await?;

// Wait for result
let result = network.get_result(job_id).await?;

// Decrypt output (only owner can decrypt)
let output = result.decrypt(&private_key)?;

Load Balancing

Algorithm

Jobs are distributed based on:

  1. Capacity: Validators announce available resources
  2. Current Load: Least-loaded validator preferred
  3. Reputation: Higher reputation = more jobs
  4. Latency: Closer validators preferred
fn select_validator(job: &Job, validators: &[Validator]) -> Validator {
    validators
        .iter()
        .filter(|v| v.capacity >= job.requirements)
        .min_by_key(|v| v.current_load)
        .unwrap()
}

Heartbeat System

Validators send heartbeats every 30 seconds:

pub struct Heartbeat {
    validator_id: NodeId,
    capacity: ResourceCapacity,
    current_load: f32,
    timestamp: u64,
}

Stale validators (>60s without heartbeat) are removed from pool.

Resource Limits

Default Limits

ResourceLimitNotes
Memory64 MBConfigurable per job
Instructions1BCPU limit
Execution Timeout30sPer-job default (configurable)
Distribution Timeout300sMax time for job assignment
Concurrent Jobs4Per executor

Enforcing Limits

// Memory limit
engine.set_memory_limit(64 * 1024 * 1024);

// Instruction counting
engine.set_fuel(1_000_000_000);

// Execution timeout (default 30s, configurable)
tokio::time::timeout(Duration::from_secs(30), job.execute()).await?;

Running Compute Jobs

Submit a Job

# Standard compute job
paraloom compute submit \
  --wasm ./my_program.wasm \
  --input ./input.json

# Private compute job (encrypted input/output, zkSNARK proof)
paraloom compute submit \
  --wasm ./my_program.wasm \
  --input ./input.json \
  --private

Check Status

paraloom compute status --job-id <JOB_ID>

Get Result

paraloom compute result --job-id <JOB_ID>

# Save output to file
paraloom compute result --job-id <JOB_ID> --output ./result.bin

Compute Demo

Run the built-in demo:

cargo run --bin compute-demo

Output shows:

  • 3 validators registering
  • 7 jobs submitted
  • Load balancing in action
  • Results aggregated

Performance

MetricValue
Simple jobsUnder 1s execution
ZK proof generationUnder 5s execution
Network overheadUnder 200ms per job
Concurrent jobs10+ per validator

Testing

Unit Tests

cargo test --lib compute

Integration Tests

cargo test --test compute_wasm_execution_test

Private Compute Tests

cargo test private_compute

11 tests covering:

  • Private job creation
  • Input/output commitment
  • Multi-validator consensus
  • zkSNARK verification
  • Result decryption

Consensus

Multi-validator Byzantine fault-tolerant consensus mechanism

Solana Bridge

Cross-chain bridge for SOL deposits and withdrawals

On this page

Compute LayerOverviewArchitectureWASM Execution EngineJob TypesJob LifecycleJob SubmittedJob AssignedJob ExecutedResult VerifiedJob CompletedPrivacy-Preserving ComputeHow It WorksPrivate Compute WorkflowCode ExampleLoad BalancingAlgorithmHeartbeat SystemResource LimitsDefault LimitsEnforcing LimitsRunning Compute JobsSubmit a JobCheck StatusGet ResultCompute DemoPerformanceTestingUnit TestsIntegration TestsPrivate Compute Tests